Oct 1, 2017

Lock Down your ColdFusion Connector

On my production servers I like to lock down all the Tomcat Connectors to only use a local address.

Each ColdFusion server has a file located in <servername>\runtime\conf\server.xml

In that file you will find Connector definitions,  for AJP or HTTP.  The AJP connectors are for your web server to communicate to ColdFusion.  The HTTP version are for in internal web server, typically used as a means to access the ColdFusion Administrator.

According to Tomcat documentation if you do not specify an address for the Connector, Tomcat will bind to all available IP addresses.

So if your web server is local there is no need to bind to anything other then localhost or 127.0.0.1.

The default Connector looks like the following:

 <Connector  port="8016" protocol="AJP/1.3" redirectPort="8449" tomcatAuthentication="false" maxThreads="500" connectionTimeout="60000"/>

I like to add address="127.0.0.1" so the end result looks like this:

 <Connector  address="127.0.0.1" port="8016" protocol="AJP/1.3" redirectPort="8449" tomcatAuthentication="false" maxThreads="500" connectionTimeout="60000"/>

This locks the port 8016 to only 127.0.0.1.

I would recommend this for all the Connector tags in the server.xml.

If you are using a remote web server, you can still use this feature to only bind to the actual IP the web server will be talking too.

Your ports will most likely be different and your maxthreads may be different.





Posted by at

4 comments:

  1. sandeep saxena3/8/19, 6:56 AM

    This is an interesting blog that you have posted, you shares a lot of useful things about Technology
    Struts Training in Chennai
    Struts Training in Adyar
    struts Training in Anna Nagar
    Wordpress Training in Chennai
    Wordpress course in Chennai
    Struts Training in Chennai
    Struts course in Chennai

    ReplyDelete
    Replies
    1. Unknown9/21/20, 6:21 AM

      Big data is a term that describes the large volume of data – both structured and unstructured – that inundates a business on a day-to-day basis. big data projects for students But it’s not the amount of data that’s important.Project Center in Chennai

      Spring Framework has already made serious inroads as an integrated technology stack for building user-facing applications. Corporate TRaining Spring Framework the authors explore the idea of using Java in Big Data platforms.

      Spring Training in Chennai

      The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

      Delete
  2. Anbarasan147/11/19, 8:05 AM

    Awesome Post. Have been waiting for a long time. Thanks for sharing this info with us.
    Spoken English Classes in Chennai Anna Nagar
    Spoken English Class in Porur
    Spoken English Class in Vadapalani
    Spoken English Class in Thiruvanmiyur
    Spoken English Class in Chennai
    Best English Speaking Classes in Mumbai
    English Speaking Course in Mumbai
    IELTS Training in Chennai
    IELTS Coaching in Chennai
    IELTS Mumbai

    ReplyDelete
  3. Rajesh6/2/20, 2:23 AM

    It is amazing and wonderful to visit your site.Thanks for sharing this information,this is useful to me...
    Selenium Training in chennai | Selenium Training in anna nagar | Selenium Training in omr | Selenium Training in porur | Selenium Training in tambaram | Selenium Training in velachery

    ReplyDelete

Subscribe to: Post Comments (Atom)